Privacy Policy

Effective date: 1 April 2026

This Privacy Policy explains how Koivu Ventures Pte. Ltd. (“BridgeTrace”, “we”, “us”) collects, uses, and protects your personal data when you use bridgetrace.com and related services.

Our registered address is 11 Collyer Quay #05-06C The Arcade, Singapore 049317. For privacy inquiries, contact kari@bridgetrace.com.

1. Data we collect

1.1 Information you provide

• Account and sign-up data: Email address, name, company name, country, role (buyer type or supplier category).
• Quote and order data: Contact details, shipping address, material preferences, volume requirements, and payment information (processed by Stripe; we do not store card numbers).
• Supplier application data: Contact name, email, company, country, materials produced, website, and any additional information you choose to provide.
• Communications: Messages you send us, including support requests, feedback, and correspondence.

1.2 Information collected automatically

• Usage data: Pages visited, search queries, features used, time on site, referring pages.
• Device data: Browser type, operating system, IP address, device identifiers.
• Cookies: We use strictly necessary cookies and analytics cookies. See Section 5.

2. How we use your data

We use your data for the following purposes:

• Platform operation: To operate the marketplace, process sample orders, route bulk quote requests, and manage user accounts.
• Verification services: To coordinate lab testing, create digital passports, and link verification data to specific batches and suppliers.
• Communication: To respond to inquiries, send order confirmations, notify you of new verified listings, and provide platform updates.
• Improvement: To analyze usage patterns, improve the platform, and develop new features.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

3. Legal basis for processing (GDPR)

If you are in the European Economic Area (EEA), we process your data under the following legal bases:

• Contract: Processing necessary to provide our services, fulfill orders, and manage your account.
• Legitimate interest: Platform improvement, fraud prevention, and business communications that do not override your rights.
• Consent: Marketing emails and non-essential cookies. You can withdraw consent at any time.
• Legal obligation: Where required by law, such as tax record-keeping for transactions.

4. Data sharing

We do not sell your personal data.

We share data with the following categories of recipients:

• Payment processors: Stripe processes payments. Their privacy policy governs their handling of your payment data.
• Suppliers: When you request a sample or bulk quote, the relevant supplier receives your contact and order details to fulfill the request.
• Hosting and infrastructure: Vercel (hosting), Supabase (database). Data may be processed in the United States and the European Union.
• Analytics: We may use privacy-respecting analytics tools to understand platform usage. We do not use Google Analytics.
• Legal requirements: We may disclose data if required by law, regulation, or legal process, or to protect the rights, safety, or property of BridgeTrace or others.

5. Cookies

• Strictly necessary: Session management and security. These cannot be disabled.
• Analytics: Anonymous usage statistics to improve the platform. Enabled only with your consent.

We do not use advertising cookies or third-party tracking. You can manage cookie preferences through your browser settings.

6. Data retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained until you request deletion or the account is inactive for 24 months.
• Order data: Retained for 7 years for tax and legal compliance.
• Waitlist and application data: Retained for 24 months unless you request earlier deletion.
• Usage data: Aggregated and anonymized after 12 months.

7. Your rights

Under GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data, subject to legal retention obligations.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact kari@bridgetrace.com. We will respond within 30 days.

8. International data transfers

BridgeTrace is operated from Singapore with infrastructure in the United States and the European Union. If you are located outside these regions, your data may be transferred to and processed in these jurisdictions.

For EEA users, we rely on Standard Contractual Clauses approved by the European Commission for transfers outside the EEA where an adequacy decision does not exist.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security.

10. Children

BridgeTrace is a B2B platform and is not directed at individuals under 18 years of age. We do not knowingly collect data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The effective date at the top indicates the latest version.

12. Contact and complaints

Data controller: Koivu Ventures Pte. Ltd.
11 Collyer Quay #05-06C The Arcade, Singapore 049317
Privacy contact: kari@bridgetrace.com

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. For EEA residents, a list of authorities is available at edpb.europa.eu.